Improve Sanitizing
ekntrtmz committed Sep 23, 2020
1 parent 3d13936 commit 5fe5995
Showing 2 changed files with 6 additions and 5 deletions.
4 changes: 2 additions & 2 deletions admin/class-wp-dispatcher-add-new-upload.php
Expand Up @@ -102,9 +102,9 @@ public function wp_dispatcher_process_upload(){
else {
if(isset($_FILES['file_upload'])){

$source = $_FILES['file_upload']['tmp_name'];
$source = sanitize_file_name($_FILES['file_upload']['tmp_name']);

$filename = $_FILES['file_upload']['name'];
$filename = sanitize_file_name($_FILES['file_upload']['name']);

//$ext = pathinfo($_FILES['file_upload']['name'], PATHINFO_EXTENSION);
//$uuid = uniqid();
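Review bot: Passing `$_FILES['file_upload']['tmp_name']` through `sanitize_file_name()` corrupts the upload path, because that function strips path separators, so a server-generated value such as `/tmp/phpXXXXXX` (constructed example) no longer points at the temporary file. `tmp_name` is set by PHP rather than by the client, so it should stay untouched and be verified instead: `$source = $_FILES['file_upload']['tmp_name'];` followed by `if ( ! is_uploaded_file( $source ) ) { return; }`. Sanitizing `['name']` is the right call for the client-supplied filename, but it does not restrict what kind of file is accepted; a type check with `wp_check_filetype_and_ext()` (or routing the upload through `wp_handle_upload()`) would cover that. The rest of `wp_dispatcher_process_upload()` lies outside the hunk, so how `$source` is consumed and whether a nonce and capability check precede this branch cannot be confirmed from here.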
7 changes: 4 additions & 3 deletions admin/class-wp-dispatcher-settings.php
Expand Up @@ -84,7 +84,8 @@ public function render_settings_page_content( $active_tab = '' ) {
<?php

if( isset( $_GET[ 'tab' ] ) ) {
$active_tab = $_GET[ 'tab' ];

$active_tab = sanitize_text_field($_GET[ 'tab' ]);
} else if( $active_tab == 'uploads' ) {
$active_tab = 'uploads';
} else if( $active_tab == 'links' ) {
Expand Down Expand Up @@ -112,7 +113,7 @@ public function render_settings_page_content( $active_tab = '' ) {
<!-- Forms are NOT created automatically, so you need to wrap the table in one to use features like bulk actions -->
<form id="movies-filter" method="get">
<!-- For plugins, we also need to ensure that the form posts back to our current page -->
<input type="hidden" name="page" value="<?php echo $_REQUEST['page'] ?>" />
<input type="hidden" name="page" value="<?php echo esc_attr($_REQUEST['page']) ?>" />
<?php $uploads_list_table->display(); ?>
</form>

Expand All @@ -127,7 +128,7 @@ public function render_settings_page_content( $active_tab = '' ) {
<!-- Forms are NOT created automatically, so you need to wrap the table in one to use features like bulk actions -->
<form id="movies-filter" method="get">
<!-- For plugins, we also need to ensure that the form posts back to our current page -->
<input type="hidden" name="page" value="<?php echo $_REQUEST['page'] ?>" />
<input type="hidden" name="page" value="<?php echo esc_attr($_REQUEST['page']) ?>" />
<?php $links_list_table->display(); ?>
</form>

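Review bot: In the first hunk, `sanitize_text_field( $_GET['tab'] )` cleans the string but still lets any request value become `$active_tab`. The branches that follow only recognise fixed tab names (`'uploads'`, `'links'`, and whatever the chain continues with outside the hunk), so an allow-list fits better: `$tab = sanitize_key( wp_unslash( $_GET['tab'] ) );` then `if ( in_array( $tab, array( 'uploads', 'links' ), true ) ) { $active_tab = $tab; }`, leaving the default in place otherwise. If `$active_tab` is printed later in the template, which is not visible here, it still needs `esc_attr()` or `esc_html()` at the point of output, since sanitizing on input is not a substitute for escaping in context. The two form hunks escape `page` correctly with `esc_attr()`, but they read `$_REQUEST['page']` without an `isset()` guard or `wp_unslash()`; `esc_attr( wp_unslash( $_REQUEST['page'] ?? '' ) )` would avoid an undefined-index notice when the parameter is absent, on PHP versions that support `??`.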
